Box No. I Basis of the report

1. With regard to the language, this report is based on the international application in the language in which it was
filed, unless otherwise indicated under this item.

□ This report is based on translations from the original language into the following language , 
which is the language of a translation furnished for the purposes of: 

□ international search (under Rules 12.3 and 23.1(b)) 

□ publication of the international application (under Rule 12.4) 

□ international preliminary examination (under Rules 55.2 and/or 55.3) 

2. With regard to the elements* of the international application, this report is based on (replacement sheets which
have been furnished to the receiving Office in response to an invitation under Article 14 are referred to in this 
report as "originally filed" and are not annexed to this report): 

Description, Pages 

1 _-| -j as originally filed 

Claims, Numbers 

-j ..34 filed with telefax on 09.12.2005 

Drawings, Sheets 

1 B-5/5 as originally filed 

□ a sequence listing and/or any related table(s) - see Supplemental Box Relating to Sequence Listing 

3. □ The amendments have resulted in the cancellation of: 

□ the description, pages 

□ the claims, Nos. 

□ the drawings, sheets/figs

□ the sequence listing (specify): 

□ any table(s) related to sequence listing (specify): 

4. □ This report has been established as if (some of) the amendments annexed to this report and listed below
had not been made, since they have been considered to go beyond the disclosure as filed, as indicated in the 
Supplemental Box (Rule 70.2(c)). 

□ the description, pages 

□ the claims, Nos. 

□ the drawings, sheets/figs 

□ the sequence listing (specify): 

□ any table(s) related to sequence listing (specify): 

* If Item 4 applies, some or all of these sheets may be marked "superseded."

Box No. V Reasoned statement under Article 35(2) with regard to novelty, inventive step or industrial
applicability; citations and explanations supporting such statement



1. Statement 
Novelty (N) 



Inventive step (IS) 



Industrial applicability (IA) 



Yes: Claims 

No: Claims 

Yes: Claims 

No: Claims 

Yes: Claims 

No: Claims 



1-34 



1-34 
1-34 



2. Citations and explanations (Rule 70.7): 



see separate sheet 
Re Item V

Reasoned statement with regard to novelty, inventive step or industrial applicability; 
citations and explanations supporting such statement 

Reference is made to the following documents: 

D1: EP-A-1 361 527 (SONY ERICSSON MOBILE COMM AB) 12 November 2003 (2003-11-12)
D2: EP-A-1 262 859 (CANON KK) 4 December 2002 (2002-12-04)
D3: EP-A-1 004 992 (VISA INT SERVICE ASS) 31 May 2000 (2000-05-31)
D4: WO 02/067173 A (CHAN KIM HING; GU GUOLIANG (SG); SPRINT
INNOVATIONS PTE LTD I (SG)) 29 August 2002 (2002-08-29)

1. The present application does not meet the requirements of Article 33(1) PCT,
because the subject-matter of independent claims 1 and 18 does not involve an
inventive step in the sense of Article 33(3) EPC.

1.1 Using the words of independent claim 1 of the present application and taking
references from D1, D1 discloses:

"A method of providing a dynamic security management in an apparatus comprising:
a platform for running an application (column 2 lines 37-39); a security manager
(c3l20-22) for handling access of the application to functions existing in the apparatus
(c2l51-53); an application interface between the platform and the application (c2l53-54);
a set of access permissions (c3l22) stored in the apparatus (c3l23) and used by
the security manager for controlling access of the application to functions through the
application interface (§21), characterised by the steps of:

downloading into the apparatus an object containing access permissions applicable
to at least one function (c2l50-51; c3l57-c4l2), said object comprising new routines
and/or new functions (c2l39-40);
verifying the object (c2l48-49);

installing the access permissions together with the existing permissions (c3l25-28;
c3l57-c4l2); said object enhancing the application interface with said new routines
and/or new functions"

Claim 1 thus differs from D1 in that the downloaded object enhances the application
interface with said new routines and functions.

Ignoring the fact that this feature, more specifically the expression "enhancing the 
application interface", is not clear, D1 does not imply any restrictions on the kind of 
functions or applications which are downloaded. Therefore, this feature cannot be 
considered so as to render the present application inventive (Art. 33(3) PCT). 

2. The same reasoning applies, mutatis mutandis, to the subject-matter of
corresponding independent claims 14, 17 and 30, respectively, which are therefore
also not inventive.

3. Dependent claims 2-13, 15, 16, 18-29 and 31-34 do not contain any features which,
in combination with the features of the respective claims to which they refer, meet the
requirements of the PCT in respect of novelty and inventive step, see D1-D4.



Form PCT/Separate Sheet/409 (Sheet 2) (EPO-January 2004) 



09-12-2005 EP0550547



CLAIMS 

1. A method of providing a dynamic security management in an apparatus (1)
comprising: a platform for running an application (2); a security manager (7)
for handling access of the application (2) to functions (3) existing in the
apparatus; an application interface (11A) between the platform and the
application (2); a set of access permissions stored in the apparatus and used by
the security manager (7) for controlling access of the application (2) to
functions (3) through the application interface (11A), characterised by the
steps of:
downloading into the apparatus (1) an object containing access permissions
applicable to at least one function (3), said object comprising new routines
and/or new functions;
verifying the object;
installing the access permissions together with the existing permissions;
said object enhancing the application interface (11A) with said new routines
and/or new functions.

2. A method according to claim 1, characterised in that the object is verified by 
checking a certificate chain of the object. 

3. A method according to claim 1 or 2, characterised in that it is verified that a 
policy (8) of the function allows updates. 

4. A method according to any one of the previous claims, characterised by
downloading a further object containing a library (12), or the downloaded
object further containing a library (12), said library (12) comprising new
routines and/or new functions to be called by an application or library stored
in the apparatus; and installing the library (12) to enable access of functions
(3) through the application interface (11A).

5. A method according to claim 4, characterised in that the new routines and/or
new functions can access existing functions through a library (12).

6. A method according to claim 5, characterised in that the security manager (7),
when accessing functions, recursively checks the permissions of the
application interfaces (11A, 11B) and libraries (12) in a linked chain related to
the called functions (3).

7. A method according to any one of the previous claims, characterised by
downloading a further object containing an application (2), or the downloaded
object further containing an application (2), said application (2) containing at
least one new function; and installing the new function so that the new
function can access existing functions through the application interface (11A).

Received at the EPO on Dec 09, 2005

8. A method according to claim 7, characterised in that the new functions can 
access existing functions through a library (12). 



9. A method according to any one of the previous claims, characterised in that
the access permissions are contained in a policy file.

10. A method according to claim 9, characterised in that the policy file has a
structure linking access levels of existing functions with a domain associated
with the downloaded object.

11. A method according to claim 9 or 10, characterised in that the policy file has
a structure linking access levels of existing functions with information
contained in a certificate chain.

12. A method according to claim 11, characterised in that the information
includes signature of the end entity certificate, signature of an intermediate
certificate, or specific level information (level OID).

13. A method according to claim 10 or 11, characterised in that the policy file
has a structure including logical expressions.

14. A method of providing a dynamic security management in an apparatus (1)
comprising: a platform for running an application (2); a security manager (7)
for handling access of the application (2) to functions (3) existing in the
apparatus; an application interface (11A) between the platform and the
application (2); a set of access permissions stored in the apparatus and used by
the security manager (7) for controlling access of the application (2) to
functions (3) through the application interface (11A), characterised by the
steps of:
storing the access permissions in a security policy (8);
providing the security policy (8) with a hierarchical structure, wherein the
security policy (8) has a structure linking access levels of existing functions
with a domain associated with the downloaded object, the domain defining the
basic access level which may be combined with other information.

15. A method according to claim 14, characterised in that the security policy (8)
has a structure linking access levels of existing functions with information
contained in a certificate chain.

16. A method according to claim 15, characterised in that the information
includes signature of the end entity certificate, signature of an intermediate
certificate, or specific level information (level OID).

17. An apparatus (1) with dynamic security management comprising: a platform
for running an application (2); a security manager (7) for handling access of
the application (2) to functions (3) existing in the apparatus (1); an application
interface (11A) between the platform and the application (2); a set of access
permissions stored in the apparatus and used by the security manager (7) for
controlling access of the application (2) to functions (3) through the
application interface (11A), characterised in that:
the apparatus (1) is arranged to download an object containing access
permissions applicable to at least one function (3), said object comprising new
routines and/or new functions;
to verify the object; and
to install the access permissions together with the existing permissions;
said object enhancing the application interface (11A) with said new routines
and/or new functions.

18. An apparatus according to claim 17, characterised in that the security
manager (7) is adapted to verify the object by checking a certificate chain of
the object.

19. An apparatus according to claim 17 or 18, characterised in that the security
manager (7) is adapted to verify that a policy of the function allows updates.

20. An apparatus according to any one of claims 17 to 19, characterised in that
the apparatus is arranged to download a further object containing a library
(12), or the downloaded object further containing a library (12), said library
(12) comprising new routines and/or new functions to be called by an
application (2) or library (12) stored in the apparatus; and to install the library
(12) to enable access of functions through the application interface (11A).

21. An apparatus according to claim 20, characterised in that the new routines
and/or new functions can access existing functions through a library (12).

22. An apparatus according to claim 21, characterised in that the security manager
(7), when accessing functions, is adapted to recursively check the permissions
of the application interfaces (11A, 11B) and libraries (12) in a linked chain
related to the called functions

23. An apparatus according to any one of claims 17 to 22, characterised in that the
apparatus is arranged to download a further object containing an application
(2), or the downloaded object further containing an application (2), said
application (2) containing at least one new function; and to install the new
function so that the new function can access existing functions through the
application interface (11A).

24. An apparatus according to claim 23, characterised in that the new functions
can access existing functions through a library (12).

25. An apparatus according to any one of claims 17 to 24, characterised in that
the access permissions are contained in a policy file.

26. An apparatus according to claim 25, characterised in that the policy file has a
structure linking access levels of existing functions with a domain associated
with the downloaded object.

27. An apparatus according to claim 25 or 26, characterised in that the policy file
has a structure linking access levels of existing functions with information
contained in a certificate chain.

28. An apparatus according to claim 27, characterised in that the information
includes signature of the end entity certificate, signature of an intermediate
certificate, or specific level information (level OID).



29. An apparatus according to claim 27 or 28, characterised in that the policy file 
has a structure including logical expressions. 

30. An apparatus (1) with dynamic security management comprising: a platform
for running an application (2); a security manager (7) for handling access of
the application (2) to functions (3) existing in the apparatus; an application
interface (11A) between the platform and the application (2); a set of access
permissions stored in the apparatus and used by the security manager (7) for
controlling access of the application (2) to functions (3) through the
application interface (11A), characterised in that the apparatus is arranged to:
store the access permissions in a security policy (8);
provide the security policy (8) with a hierarchical structure.

31. An apparatus according to claim 30, characterised in that the security policy 
(8) has a structure linking access levels of existing functions with a domain 
associated with the downloaded object. 

32. An apparatus according to claim 31, characterised in that the security policy 
(8) has a structure linking access levels of existing functions with information 
contained in a certificate chain. 

33. An apparatus according to claim 32, characterised in that the information
includes signature of the end entity certificate, signature of an intermediate
certificate, or specific level information (level OID).

34. An apparatus according to any one of claims 17 to 33, characterised in that
the apparatus (1) is a portable telephone, a pager, a communicator, a smart
phone, or an electronic organiser.






